Cisco FirePOWER ASA 5500 series Configuration Manual page 425


Chapter 25
Configuring Application Layer Protocol Inspection
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 25-7
Configuring Application Inspection

Step 4
To identify the class map from Step 1 to which you want to assign an action, enter the following command:
hostname(config-pmap)# class class_map_name
hostname(config-pmap-c)#
If you are editing the default policy map, it includes the inspection_default class map. You can edit the
actions for this class by entering inspection_default as the name. To add an additional class map to this
policy map, identify a different name. You can combine multiple class maps in the same policy if
desired, so you can create one class map to match certain traffic, and another to match different traffic.
However, if traffic matches a class map that contains an inspection command, and then matches another
class map that also has an inspection command, only the first matching class is used. For example,
SNMP matches the inspection_default class map. To enable SNMP inspection, enable SNMP inspection
for the default class in Step 5. Do not add another class that matches SNMP.

Step 5
Enable application inspection by entering the following command:
hostname(config-pmap-c)# inspect protocol
The protocol is one of the following values:

Table 25-2 Protocol Keywords

| Keywords | Notes |
| --- | --- |
| ctiqbe | |
| dcerpc [map_name] | If you added a DCERPC inspection policy map according to "Configuring a DCERPC Inspection Policy Map for Additional Inspection Control" section on page 25-12, identify the map name in this command. |
| dns [map_name] | If you added a DNS inspection policy map according to "Configuring a DNS Inspection Policy Map for Additional Inspection Control" section on page 25-20, identify the map name in this command. The default DNS inspection policy map name is "preset_dns_map." The default inspection policy map sets the maximum DNS packet length to 512 bytes. |
| esmtp [map_name] | If you added an ESMTP inspection policy map according to "Configuring an ESMTP Inspection Policy Map for Additional Inspection Control" section on page 25-24, identify the map name in this command. |
| ftp [strict [map_name]] | Use the strict keyword to increase the security of protected networks by preventing web browsers from sending embedded commands in FTP requests. See the "Using the strict Option" section on page 25-26 for more information. If you added an FTP inspection policy map according to "Configuring an FTP Inspection Policy Map for Additional Inspection Control" section on page 25-27, identify the map name in this command. |
| gtp [map_name] | If you added a GTP inspection policy map according to the "Configuring a GTP Inspection Policy Map for Additional Inspection Control" section on page 25-32, identify the map name in this command. |
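The following Python check is an added example, not part of the Cisco guide. It reads a policy-map excerpt and reports three conditions tied to Steps 4 and 5: FTP inspection without the strict keyword, an inspect command that names an inspection policy map the configuration never defines, and a protocol inspected in a second class of the same policy map. The sample configuration is constructed, and the names mail_map and ftp_servers and the function audit_inspection are assumptions made for illustration.

```python
# Added example: audit "inspect" commands in an ASA policy-map excerpt.
# SAMPLE_CONFIG is constructed; mail_map and ftp_servers are made-up names.
SAMPLE_CONFIG = """\
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect esmtp mail_map
 class ftp_servers
  inspect ftp strict
"""

def audit_inspection(config):
    """Return (policy, class, protocol, issue) findings in config order."""
    defined = set()   # (protocol, map_name) of inspection policy maps
    inspects = []     # (policy, class, protocol, strict, map_name)
    policy = cls = None
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "policy-map":
            cls = None
            if w[1:3] == ["type", "inspect"] and len(w) >= 5:
                defined.add((w[3], w[4]))
                policy = None   # inspection map, not a traffic policy map
            else:
                policy = w[1] if len(w) > 1 else None
        elif w[0] == "class" and policy and len(w) > 1:
            cls = w[1]
        elif w[0] == "inspect" and policy and cls and len(w) > 1:
            args = w[2:]
            strict = w[1] == "ftp" and args[:1] == ["strict"]
            name = (args[1:] if strict else args)[:1]
            inspects.append((policy, cls, w[1], strict, name[0] if name else None))
    findings, first_class = [], {}
    for pol, c, proto, strict, name in inspects:
        if proto == "ftp" and not strict:
            findings.append((pol, c, proto, "ftp without strict"))
        if name and (proto, name) not in defined:
            findings.append((pol, c, proto, "undefined map " + name))
        # Heuristic: class-map match criteria are not compared for overlap.
        earlier = first_class.setdefault((pol, proto), c)
        if earlier != c:
            findings.append((pol, c, proto, "also inspected in earlier class " + earlier))
    return findings

if __name__ == "__main__":
    for finding in audit_inspection(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

The last finding is a prompt for review, not proof of a conflict: the script does not read class-map match criteria, so it cannot tell whether the two classes actually match the same traffic.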
